[secdir] secdir review of draft-martin-urn-globus-02
Catherine Meadows <catherine.meadows@nrl.navy.mil> Wed, 17 February 2016 21:49 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-martin-urn-globus.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/c73hSKYGojFBYUD3b-7GVHhkOjg>
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft describes a Uniform Resource Name (URN) namespace that is used by the Globus software-as-a-service provider for naming persistent resources. The main requirement is that these are identifiers which will persist in external systems, and which must be identifiable as references to Globus entities. The draft specifies the syntax, and describes mechanisms for enforcing uniqueness. In particular, URNs may not be reassigned.

In the Security Considerations section, the authors refer the reader to RFCs 1737 and 2141. The security considerations in RFC 1737 refer to authentication mechanisms which are outside the scope of the document. The recommendations of RFC 1737, however, may require more attention. Its Security Considerations section runs as follows:

   This document specifies the syntax for URNs. While some namespaces resolvers may assign special meaning to certain of the characters of the Namespace Specific String, any security consideration resulting from such assignment are outside the scope of this document. It is strongly recommended that the process of registering a namespace identifier include any such considerations.

The draft does not propose any special meanings for characters in the Namespace Specific String, but I think it would be good to add a sentence in the Security Considerations Section mentioning this stipulation, and pointing out that it does not apply in your case because no such special meaning is proposed.

I consider this document Ready With Nits.

Cathy is being proposed,

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil